diff options
Diffstat (limited to 'www/analyzer')
| -rw-r--r-- | www/analyzer/annotations.html | 72 | ||||
| -rw-r--r-- | www/analyzer/available_checks.html | 3 | ||||
| -rw-r--r-- | www/analyzer/checker_dev_manual.html | 38 | ||||
| -rw-r--r-- | www/analyzer/content.css | 1 | ||||
| -rw-r--r-- | www/analyzer/dev_cxx.html | 37 | ||||
| -rw-r--r-- | www/analyzer/faq.html | 16 | ||||
| -rw-r--r-- | www/analyzer/index.html | 29 | ||||
| -rw-r--r-- | www/analyzer/latest_checker.html.incl | 2 | ||||
| -rw-r--r-- | www/analyzer/potential_checkers.html | 183 | ||||
| -rw-r--r-- | www/analyzer/release_notes.html | 41 | ||||
| -rw-r--r-- | www/analyzer/xcode.html | 44 |
11 files changed, 282 insertions, 184 deletions
diff --git a/www/analyzer/annotations.html b/www/analyzer/annotations.html index bb4bc44..ca6a185 100644 --- a/www/analyzer/annotations.html +++ b/www/analyzer/annotations.html @@ -127,7 +127,10 @@ conventions can cause the analyzer to miss bugs or flag false positives.</p> <p>One can educate the analyzer (and others who read your code) about methods or functions that deviate from the Cocoa and Core Foundation conventions using the -attributes described here.</p> +attributes described here. However, you should consider using proper naming +conventions or the <a +href="http://clang.llvm.org/docs/LanguageExtensions.html#the-objc-method-family-attribute"><tt>objc_method_family</tt></a> +attribute, if applicable.</p> <h4 id="attr_ns_returns_retained">Attribute 'ns_returns_retained' (Clang-specific)</h4> @@ -135,7 +138,9 @@ attributes described here.</p> <p>The GCC-style (Clang-specific) attribute 'ns_returns_retained' allows one to annotate an Objective-C method or C function as returning a retained Cocoa object that the caller is responsible for releasing (via sending a -<tt>release</tt> message to the object).</p> +<tt>release</tt> message to the object). The Foundation framework defines a +macro <b><tt>NS_RETURNS_RETAINED</tt></b> that is functionally equivalent to the +one shown below.</p> <p><b>Placing on Objective-C methods</b>: For Objective-C methods, this annotation essentially tells the analyzer to treat the method as if its name @@ -202,7 +207,9 @@ href="#attr_ns_returns_retained">ns_returns_retained</a>'. Where a function or method may appear to obey the Cocoa conventions and return a retained Cocoa object, this attribute can be used to indicate that the object reference returned should not be considered as an "owning" reference being -returned to the caller.</p> +returned to the caller. The Foundation framework defines a +macro <b><tt>NS_RETURNS_NOT_RETAINED</tt></b> that is functionally equivalent to +the one shown below.</p> <p>Usage is identical to <a href="#attr_ns_returns_retained">ns_returns_retained</a>. When using the @@ -229,7 +236,9 @@ its availability, as it is not available in earlier versions of the analyzer:</p <p>The GCC-style (Clang-specific) attribute 'cf_returns_retained' allows one to annotate an Objective-C method or C function as returning a retained Core -Foundation object that the caller is responsible for releasing. +Foundation object that the caller is responsible for releasing. The +CoreFoundation framework defines a macro <b><tt>CF_RETURNS_RETAINED</tt></b> +that is functionally equivalent to the one shown below.</p> <p><b>Placing on Objective-C methods</b>: With respect to Objective-C methods., this attribute is identical in its behavior and usage to 'ns_returns_retained' @@ -330,7 +339,9 @@ href="#attr_cf_returns_retained">cf_returns_retained</a>'. Where a function or method may appear to obey the Core Foundation or Cocoa conventions and return a retained Core Foundation object, this attribute can be used to indicate that the object reference returned should not be considered as an -"owning" reference being returned to the caller.</p> +"owning" reference being returned to the caller. The +CoreFoundation framework defines a macro <b><tt>CF_RETURNS_NOT_RETAINED</tt></b> +that is functionally equivalent to the one shown below.</p> <p>Usage is identical to <a href="#attr_cf_returns_retained">cf_returns_retained</a>. When using the @@ -355,9 +366,12 @@ its availability, as it is not available in earlier versions of the analyzer:</p <h4 id="attr_ns_consumed">Attribute 'ns_consumed' (Clang-specific)</h4> -<p>The 'ns_consumed' attribute can be placed on a specific parameter in either the declaration of a function or an Objective-C method. - It indicates to the static analyzer that a <tt>release</tt> message is implicitly sent to the parameter upon - completion of the call to the given function or method. +<p>The 'ns_consumed' attribute can be placed on a specific parameter in either +the declaration of a function or an Objective-C method. It indicates to the +static analyzer that a <tt>release</tt> message is implicitly sent to the +parameter upon completion of the call to the given function or method. The +Foundation framework defines a macro <b><tt>NS_RELEASES_ARGUMENT</tt></b> that +is functionally equivalent to the <tt>NS_CONSUMED</tt> macro shown below.</p> <p><b>Important note when using Garbage Collection</b>: Note that the analyzer essentially ignores this attribute when code is compiled to use Objective-C @@ -409,14 +423,19 @@ void test_method2() { <h4 id="attr_cf_consumed">Attribute 'cf_consumed' (Clang-specific)</h4> -<p>The 'cf_consumed' attribute is practically identical to <a href="#attr_ns_consumed">ns_consumed</a>. -The attribute can be placed on a specific parameter in either the declaration of a function or an Objective-C method. -It indicates to the static analyzer that the object reference is implicitly passed to a call to <tt>CFRelease</tt> upon -completion of the call to the given function or method.</p> +<p>The 'cf_consumed' attribute is practically identical to <a +href="#attr_ns_consumed">ns_consumed</a>. The attribute can be placed on a +specific parameter in either the declaration of a function or an Objective-C +method. It indicates to the static analyzer that the object reference is +implicitly passed to a call to <tt>CFRelease</tt> upon completion of the call +to the given function or method. The CoreFoundation framework defines a macro +<b><tt>CF_RELEASES_ARGUMENT</tt></b> that is functionally equivalent to the +<tt>CF_CONSUMED</tt> macro shown below.</p> -<p>Operationally this attribute is nearly identical to ns_consumed -with the main difference that the reference count decrement still occurs when using Objective-C garbage -collection (which is import for Core Foundation types, which are not automatically garbage collected).</p> +<p>Operationally this attribute is nearly identical to 'ns_consumed' with the +main difference that the reference count decrement still occurs when using +Objective-C garbage collection (which is import for Core Foundation types, +which are not automatically garbage collected).</p> <p><b>Example</b></p> @@ -461,13 +480,13 @@ void test_method() { <h4 id="attr_ns_consumes_self">Attribute 'ns_consumes_self' (Clang-specific)</h4> -<p>The 'ns_consumes_self' attribute can be placed only on an Objective-C method declaration. - It indicates that the receiver of the message is "consumed" (a single reference count decremented) - after the message is sent. This matches the semantics of all "init" methods. -</p> +<p>The 'ns_consumes_self' attribute can be placed only on an Objective-C method +declaration. It indicates that the receiver of the message is +"consumed" (a single reference count decremented) after the message +is sent. This matches the semantics of all "init" methods.</p> -<p>One use of this attribute is declare your own init-like methods that do not follow the - standard Cocoa naming conventions.</p> +<p>One use of this attribute is declare your own init-like methods that do not +follow the standard Cocoa naming conventions.</p> <p><b>Example</b></p> @@ -490,8 +509,15 @@ void test_method() { @end </pre> -<p>In this example, <tt>nonstandardInitWith:</tt> has the same ownership semantics as the init method <tt>initWith:</tt>. - The static analyzer will observe that the method consumes the receiver, and then returns an object with a +1 retain count.</p> +<p>In this example, <tt>-nonstandardInitWith:</tt> has the same ownership +semantics as the init method <tt>-initWith:</tt>. The static analyzer will +observe that the method consumes the receiver, and then returns an object with +a +1 retain count.</p> + +<p>The Foundation framework defines a macro <b><tt>NS_REPLACES_RECEIVER</tt></b> +which is functionally equivalent to the combination of <tt>NS_CONSUMES_SELF</tt> +and <tt>NS_RETURNS_RETAINED</tt> shown above.</p> + <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <h2 id="custom_assertions">Custom Assertion Handlers</h2> diff --git a/www/analyzer/available_checks.html b/www/analyzer/available_checks.html index 4f8971c..be15125 100644 --- a/www/analyzer/available_checks.html +++ b/www/analyzer/available_checks.html @@ -176,14 +176,13 @@ <td><b>unix.cstring.NullArg</b></td><td>Check for null pointers being passed as arguments to C string functions.</td> </table> -<p>In addition to these the analyzer contains numerous experimental (beta) checkers.</p> +<p>In addition to these the analyzer contains numerous experimental (alpha) checkers.</p> <h3>Writeups with examples of some of the bugs that the analyzer finds</h3> <ul> <li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li> <li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li> -<li><a href="http://www.therareair.com/howto-static-analyze-your-objective-c-code-using-the-clang-static-analyzer-tool-gallery/">HOWTO: Static Analyze Your Objective-C Code Using the Clang Static Analyzer Tool Gallery</a></li> <li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> <li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> </ul> diff --git a/www/analyzer/checker_dev_manual.html b/www/analyzer/checker_dev_manual.html index 043b536..5368eb0 100644 --- a/www/analyzer/checker_dev_manual.html +++ b/www/analyzer/checker_dev_manual.html @@ -116,28 +116,44 @@ for general developer guidelines and information. </p> <h3>Representing Values</h3> During symbolic execution, <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SVal.html">SVal</a> - objects are used to represent the semantic evaluation of expressions. They can - represent things like concrete integers, symbolic values, or memory locations - (which are memory regions). They are a discriminated union of "values", - symbolic and otherwise. + objects are used to represent the semantic evaluation of expressions. + They can represent things like concrete + integers, symbolic values, or memory locations (which are memory regions). + They are a discriminated union of "values", symbolic and otherwise. + If a value isn't symbolic, usually that means there is no symbolic + information to track. For example, if the value was an integer, such as + <tt>42</tt>, it would be a <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1nonloc_1_1ConcreteInt.html">ConcreteInt</a>, + and the checker doesn't usually need to track any state with the concrete + number. In some cases, <tt>SVal</tt> is not a symbol, but it really should be + a symbolic value. This happens when the analyzer cannot reason about something + (yet). An example is floating point numbers. In such cases, the + <tt>SVal</tt> will evaluate to <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1UnknownVal.html">UnknownVal<a>. + This represents a case that is outside the realm of the analyzer's reasoning + capabilities. <tt>SVals</tt> are value objects and their values can be viewed + using the <tt>.dump()</tt> method. Often they wrap persistent objects such as + symbols or regions. <p> <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymExpr.html">SymExpr</a> (symbol) - is meant to represent abstract, but named, symbolic value. - Symbolic values can have constraints associated with them. Symbols represent + is meant to represent abstract, but named, symbolic value. Symbols represent an actual (immutable) value. We might not know what its specific value is, but - we can associate constraints with that value as we analyze a path. + we can associate constraints with that value as we analyze a path. For + example, we might record that the value of a symbol is greater than + <tt>0</tt>, etc. + <p> + <p> - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html">MemRegion</a> is similar to a symbol. It is used to provide a lexicon of how to describe abstract memory. Regions can layer on top of other regions, providing a layered approach to representing memory. For example, a struct object on the stack might be represented by a <tt>VarRegion</tt>, but a <tt>FieldRegion</tt> which is a subregion of the <tt>VarRegion</tt> could be used to represent the memory associated with a specific field of that object. - So how do we represent symbolic memory regions? That's what <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymbolicRegion.html">SymbolicRegion</a> - is for. It is a <tt>MemRegion</tt> that has an associated symbol. Since the + So how do we represent symbolic memory regions? That's what + <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymbolicRegion.html">SymbolicRegion</a> + is for. It is a <tt>MemRegion</tt> that has an associated symbol. Since the symbol is unique and has a unique name; that symbol names the region. - <p> + + <P> Let's see how the analyzer processes the expressions in the following example: <p> <pre class="code_example"> diff --git a/www/analyzer/content.css b/www/analyzer/content.css index c2fa294..6f68fdb 100644 --- a/www/analyzer/content.css +++ b/www/analyzer/content.css @@ -87,6 +87,7 @@ table.checkers td { border-bottom: 1px #cccccc dotted; } +table.checkers td.aligned { text-align: center; vertical-align: middle; } table.checkers col.namedescr { width: 45% } table.checkers col.example { width: 55% } table.checkers col.progress { width: 84px } diff --git a/www/analyzer/dev_cxx.html b/www/analyzer/dev_cxx.html index 39dbf7b..4424a9a 100644 --- a/www/analyzer/dev_cxx.html +++ b/www/analyzer/dev_cxx.html @@ -15,16 +15,13 @@ <h1>C++ Support</h1> -<p>The Clang frontend -now <a href="http://clang.llvm.org/cxx_status.html">supports the -majority of C++</a>. Support in the frontend for C++ language -features, however, does not automatically translate into support for -those features in the static analyzer. Language features need to be -specifically modeled in the static analyzer so their semantics can be -properly analyzed. Support for analyzing C++ and Objective-C++ files -is currently extremely limited, and we are only encouraging those who -are interested in contributing to the development of the analyzer to -try this functionality out at this time.</p> +<p>The Clang compiler <a +href="http://clang.llvm.org/cxx_status.html">supports almost all of C++11</a>. +Support in the frontend for C++ language features, however, does not +automatically translate into support for those features in the static analyzer. +Language features need to be specifically modeled in the static analyzer so +their semantics can be properly analyzed. Support for analyzing C++ and +Objective-C++ files is currently fairly basic.</p> <p>Listed here are a set of open tasks that are prerequisites for decent analysis of C++. This list is also not complete; new tasks @@ -33,16 +30,22 @@ will be added as deemed necessary.</p> <ul> <li>Control-Flow Graph Enhancements: <ul> - <li>Model C++ destructors</li> - <li>Model C++ initializers (in constructors)</li> + <li>Model destructors for temporary objects</li> + <li>Model the implicit allocator call to <tt>operator new</tt></li> </ul> </li> - <li>Path-Sensitive Analysis Engine (GRExprEngine): + <li>Path-Sensitive Analysis Engine (ExprEngine): <ul> - <li>Model C++ casts</li> - <li>Model C++ constructors</li> - <li>Model C++ destructors</li> - <li>Model <tt>new</tt> and <tt>delete</tt></li> + <li>Allow constructors to be inlined</li> + <li>Allow destructors to be inlined</li> + <li>Fully model <tt>new</tt> and <tt>delete</tt></li> + <li>Track type info through casts more precisely</li> + </ul> + </li> + <li>Checkers: + <ul> + <li>Check that <tt>new</tt> and <tt>delete</tt> are correctly paired</li> + <li>For more ideas, see the <a href="potential_checkers.html">list of potential checkers</a></li> </ul> </li> </ul> diff --git a/www/analyzer/faq.html b/www/analyzer/faq.html index 5c132b5..129bfb6 100644 --- a/www/analyzer/faq.html +++ b/www/analyzer/faq.html @@ -68,13 +68,15 @@ int foo(int *b) { <img src="images/example_use_assert.png" alt="example use assert"> -<p>You can teach the analyzer facts about your code as well as document it by -using assertions. In the contrived example above, the analyzer reports an error -on the path which assumes that the loop is never entered. However, the owner of -the code might know that the loop is always entered because the input parameter -<tt>length</tt> is always greater than <tt>0</tt>. The false positive can be -suppressed by asserting this knowledge, adding <tt>assert(length > 0)</tt> in -the beginning of the function.</p> +<p> In the contrived example above, the analyzer has detected that the body of +the loop is never entered for the case where <tt>length <= 0</tt>. In this +particular example, you may know that the loop will always be entered because +the input parameter <tt>length</tt> will be greater than zero in all calls to this +function. You can teach the analyzer facts about your code as well as document +it by using assertions. By adding <tt>assert(length > 0)</tt> in the beginning +of the function, you tell the analyzer that your code is never expecting a zero +or a negative value, so it won't need to test the correctness of those paths. +</p> <pre class="code_example"> int foo(int length) { diff --git a/www/analyzer/index.html b/www/analyzer/index.html index 18bafd0..33e8581 100644 --- a/www/analyzer/index.html +++ b/www/analyzer/index.html @@ -69,12 +69,12 @@ <h1>Clang Static Analyzer</h1> -<p>The Clang Static Analyzer is source code analysis tool that find bugs in C -and Objective-C programs.</p> +<p>The Clang Static Analyzer is a source code analysis tool that finds bugs in +C, C++, and Objective-C programs.</p> -<p>Currently it can be run either as a <a href="/scan-build.html">standalone -tool</a> or <a href="/xcode.html">within Xcode</a>. The standalone tool is -invoked from the command-line, and is intended to be run in tandem with a build +<p>Currently it can be run either as a <a href="scan-build.html">standalone +tool</a> or <a href="xcode.html">within Xcode</a>. The standalone tool is +invoked from the command line, and is intended to be run in tandem with a build of a codebase.</p> <p>The analyzer is 100% open source and is part of the <a @@ -138,14 +138,14 @@ applications.</p> </td><td style="padding-left:10px"> <a href="images/analyzer_xcode.png"><img src="images/analyzer_xcode.png" width="450" alt="analyzer in xcode"></a> -<div style="text-align:center"><b>Viewing static analyzer results in Xcode 3.2</b></div> +<div style="text-align:center"><b>Viewing static analyzer results in Xcode</b></div> <a href="images/analyzer_html.png"><img src="images/analyzer_html.png" width="450" alt="analyzer in browser"></a> <div style="text-align:center"><b>Viewing static analyzer results in a web browser</b></div> </td></tr></table> <h2 id="StaticAnalysis">What is Static Analysis?</h2> -<p>The term "static analysis" is conflated, but here we use it to mean +<p>The term "static analysis" is conflated, but here we use it to mean a collection of algorithms and techniques used to analyze source code in order to automatically find bugs. The idea is similar in spirit to compiler warnings (which can be useful for finding coding errors) but to take that idea a step @@ -155,9 +155,8 @@ techniques such as testing.</p> <p>Static analysis bug-finding tools have evolved over the last several decades from basic syntactic checkers to those that find deep bugs by reasoning about the semantics of code. The goal of the Clang Static Analyzer is to provide a -industrial-quality static analysis framework for analyzing C and Objective-C -programs that is freely available, extensible, and has a high quality of -implementation.</p> +industrial-quality static analysis framework for analyzing C, C++, and +Objective-C programs that is freely available, extensible, and has a high quality of implementation.</p> <h3 id="Clang">Part of Clang and LLVM</h3> @@ -175,11 +174,11 @@ bugs, we ask you to bear in mind a few points when using it.</p> <h3>Work-in-Progress</h3> -<p>The analyzer is a continuous work-in-progress. -There are many planned enhancements to improve both the precision and scope of -its analysis algorithms as well as the kinds bugs it will find. While there are -fundamental limitations to what static analysis can do, we have a long way to go -before hitting that wall.</p> +<p>The analyzer is a continuous work-in-progress. There are many planned +enhancements to improve both the precision and scope of its analysis algorithms +as well as the kinds of bugs it will find. While there are fundamental +limitations to what static analysis can do, we have a long way to go before +hitting that wall.</p> <h3>Slower than Compilation</h3> diff --git a/www/analyzer/latest_checker.html.incl b/www/analyzer/latest_checker.html.incl index 996bc34..1355297 100644 --- a/www/analyzer/latest_checker.html.incl +++ b/www/analyzer/latest_checker.html.incl @@ -1 +1 @@ -<b><a href="http://bit.ly/USf8ge">checker-269.tar.bz2</a></b> (built September 25, 2012) +<b><a href="https://attache.apple.com/AttacheWeb/dl?id=ATCbb91eedf8edf4c7388549be8f91e810d">checker-272.tar.bz2</a></b> (built March 1, 2013) diff --git a/www/analyzer/potential_checkers.html b/www/analyzer/potential_checkers.html index f65106e..04bf9fe 100644 --- a/www/analyzer/potential_checkers.html +++ b/www/analyzer/potential_checkers.html @@ -43,7 +43,8 @@ void test() { return; delete p2; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=15237">PR15237</a> +</td></tr> <tr><td><span class="name">memory.MismatchedFree <br>enhancement to unix.Malloc<br>(C, C++)</span><br><br> @@ -58,7 +59,8 @@ void test() { free(p1); // warn free(p2); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=15238">PR15238</a> +</td></tr> <tr><td><span class="name">memory.MismatchedDelete <br>(C, C++)</span><br><br> @@ -75,7 +77,8 @@ void test() { delete p2; // warn delete p3; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=15238">PR15238</a> +</td></tr> <tr><td><span class="name">memory.MultipleDelete <br>(C++)</span><br><br> @@ -92,7 +95,9 @@ void test() { delete p2; // warn delete p3; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=15237">PR15237</a> +</td></tr> + <tr><td><span class="name">memory.LeakPtrValChanged <br>enhancement to unix.Malloc<br>(C, C++)</span><br><br> @@ -116,7 +121,9 @@ void test() { f(p4); p4++; // ok } -</pre></td><td></td></tr> +</pre></td><td class="aligned">done at r174678 (C case) +</td></tr> + <tr><td><span class="name">memory.DeallocateNonPtr <br>enhancement to unix.Malloc<br>(C, C++)</span><br><br> @@ -138,7 +145,9 @@ void test() { delete s; // warn free(s); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=15237">PR15237</a> +</td></tr> + <tr><td><span class="name">memory.LeakEvalOrder<br> (C, C++)</span><br><br> @@ -156,7 +165,7 @@ void test() { f1(g((int *)malloc(sizeof(int))), h()); // warn f2(new int, new int); } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">memory.DstBufferTooSmall <br>(C, C++)</span><br><br> @@ -173,7 +182,7 @@ void test() { int* p2 = new int; memcpy(p2, p1, 3); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">memory.NegativeArraySize <br>enhancement to experimental.security.MallocOverflow<br>(C, C++) @@ -187,7 +196,7 @@ void test() { int n1 = -1; p = new int[n1]; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -208,7 +217,7 @@ class A { A() {} ~A() { throw 1; } // warn }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">ctordtor.ExptInsideDtorImplicit<br> (C++)</span><br><br> @@ -221,7 +230,7 @@ class A { A() {} ~A() { f(); } // warn }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -237,7 +246,7 @@ Function prototype has throw(T) specifier but the function do not throw </td><td><pre> void f() throw(int) { // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">exceptions.NoThrowSpecButThrows <br>(C++)</span><br><br> @@ -246,7 +255,7 @@ An exception is throw from a function having the throw() specifier void f() throw() { throw(1); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">exceptions.ThrownTypeDiffersSpec <br>(C++)</span><br><br> @@ -258,7 +267,7 @@ void f() throw(int) { S s; throw (s); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -286,7 +295,7 @@ void test() { std::auto_ptr<int> p3((int *)malloc(sizeof(int))); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -311,7 +320,7 @@ public: }; A a; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.LocalStaticDestroyed <br>(C++)</span><br><br> @@ -336,7 +345,7 @@ A a; void f() { static B b; // <- } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.UseAfterRelease <br>enhancement to unix.Malloc<br>(C, C++)</span><br><br> @@ -351,7 +360,7 @@ void test() { int i = *p; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ZeroAllocDereference <br>enhancement to unix.Malloc<br>(C, C++)</span><br><br> @@ -362,7 +371,7 @@ undefined int *p = new int[0]; int i = p[0]; // warn -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.DeadReferenced <br>(C++)</span><br><br> @@ -418,7 +427,7 @@ void test() { dynamic_cast<A*>(b); // warn delete b; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ObjLocChanges <br>(C++)</span><br><br> @@ -439,7 +448,7 @@ void test() { new (&b2) T; delete b1; // warn } // warn -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ExprEvalOrderUndef <br>(C, C++03)</span><br><br> @@ -452,7 +461,7 @@ void test () { i = v[i++]; // warn i = ++i + 1; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.StaticInitReentered <br>(C)</span><br><br> @@ -463,7 +472,7 @@ int test(int i) { static int s = test(2*i); // warn return i+1; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ConstModified <br>(C, C++)</span><br><br> @@ -493,7 +502,7 @@ void test() { p->x.i = 1; // ok p->x.j = 1; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.DeadDestructed <br>(C++)</span><br><br> @@ -511,7 +520,7 @@ void test() { A a; a.~A(); } // warn -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.MethodCallBeforeBaseInit <br>(C++)</span><br><br> @@ -526,7 +535,7 @@ public : int f(); B() : A(f()) {} // warn }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.MemberOrBaseRefBeforeCtor <br>(C++)</span><br><br> @@ -589,7 +598,7 @@ struct S { non_trivial nt; S() : k(&nt.j) {} // warn }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.MemberRefAfterDtor <br>(C++)</span><br><br> @@ -620,7 +629,7 @@ void test() { s->~S(); s->f(); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.CtorForeignCall <br>(C++)</span><br><br> @@ -641,7 +650,7 @@ class C : public A, B { public: C() : B((A*)this) {} }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.CtorForeignCast undefbehavior.CtorForeignTypeid @@ -669,7 +678,7 @@ class C : public A, B { public: C() : B((A*)this) {} }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.MemberRefInCatch undefbehavior.BaseRefInCatch @@ -689,7 +698,7 @@ public : i=2; // warn } }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ReturnAtCatchEnd <br>(C++)</span><br><br> @@ -701,7 +710,7 @@ int test() try { } catch(int) { } // warn -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.AutoptrsOwnSameObj <br>(C++03)</span><br><br> @@ -715,7 +724,7 @@ void test() { std::auto_ptr<int> p(data); std::auto_ptr<int> q(data); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.BasicStringBoundAccess <br>(C++03)</span><br><br> @@ -725,7 +734,7 @@ void test() { std::basic_string<char> s; char c = s[10]; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.BasicStringBoundModification <br>(C++)</span><br><br> @@ -735,7 +744,7 @@ void test() { std::basic_string<char> s; s[10] = 0; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.EosDereference <br>(C++)</span><br><br> @@ -749,7 +758,7 @@ void test() { int i = *v.end(); // warn *v.end() = 0; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.QsortNonPOD undefbehavior.QsortNonTrivial @@ -815,7 +824,7 @@ void test() { qsort(nt, 2, sizeof(non_trivial), compare2); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ThrowWhileCopy <br>C++</span><br><br> @@ -835,7 +844,7 @@ struct S { j = s.j; } }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ValarrayArgBound <br>(C++)</span><br><br> @@ -853,7 +862,7 @@ void test(void) { S s[] = { S(1), S(2) }; std::valarray<S> v(s,3); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ValarrayLengthDiffer <br>(C++)</span><br><br> @@ -886,7 +895,7 @@ void test(void) { b.resize(1); a = b; // OK } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ValarrayZeroLength <br>(C++)</span><br><br> @@ -901,7 +910,7 @@ void test(void) { v.min(); // warn v.max(); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.ValarrayBadIndirection <br>(C++)</span><br><br> @@ -917,7 +926,7 @@ void test() { a[indirect] = b; //warn a[indirect] *= b; //warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.IosBaseDestroyedBeforeInit <br>(C++)</span><br> @@ -948,7 +957,7 @@ void test() { delete p1; // warn delete p2; // ok } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.IosBaseUsedBeforeInit <br>(C++11)</span><br><br> @@ -980,7 +989,7 @@ void test() { delete p1; // warn delete p2; // ok } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">undefbehavior.MinusOnePosType <br>(C++)</span><br><br> @@ -1003,7 +1012,7 @@ void test() { in.seekg(pos); // warn out.seekp(-1); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> <!-- ============================ different ================================ --> @@ -1024,7 +1033,7 @@ void test() { int v[1] = {0}; f(v[i], i++); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.IdenticalExprBinOp <br>(C)</span><br><br> @@ -1050,7 +1059,7 @@ void test() { if (f() && f()) {} // ok } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.FuncPtrInsteadOfCall <br>(C)</span><br><br> @@ -1061,7 +1070,7 @@ int f(); void test() { if (f == 0) {} // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.IdenticalCondIfElseIf <br>(C)</span><br><br> @@ -1073,7 +1082,7 @@ void test() { if (i == 1) {} else if (i == 1) {} // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">SuccessiveAssign <br>(C)</span><br><br> @@ -1084,7 +1093,7 @@ void test() { i=1; i=2; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.NullDerefStmtOrder <br>enhancement to core.NullDereference<br>(C)</span><br><br> @@ -1105,7 +1114,7 @@ void test() { S *p2 = f(); int x2 = p2->x; // ok } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.NullDerefCondOrder <br>enhancement to core.NullDereference<br>(C)</span><br><br> @@ -1120,7 +1129,7 @@ void test() { S *p = f(); if (p->b && p) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.IdenticalStmtThenElse <br>(C)</span><br><br> @@ -1135,7 +1144,7 @@ void test() { i++; } } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.MultipleAccessors <br>(C++)</span><br><br> @@ -1150,7 +1159,7 @@ public: void setI(int& ii) { i = ii; } void setJ(int& jj) { i = jj; } // warn }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.AccessorsForPublic <br>(C++)</span><br><br> @@ -1162,7 +1171,7 @@ public: int getI() { return i; } void setI(int& ii) { i = ii; } }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.LibFuncResultUnised <br>(C, C++)</span><br><br> @@ -1175,7 +1184,7 @@ void test() { std::vector<int> v; v.empty(); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.WrongVarForStmt <br>(C, C++)</span><br><br> @@ -1188,7 +1197,7 @@ void test() { for (j=0; j<3; ++i); // warn for (int j=0; i<3; ++j); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.FloatingCompare <br>(C)</span><br><br> @@ -1201,7 +1210,7 @@ void test() { if (b == 0.5) // warn b = 0; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.BoolCompare <br>maybe merge with experimental.core.BoolAssignment<br>(C, C++)</span><br><br> @@ -1213,7 +1222,7 @@ void test() { bool b; if (b == 3) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.BitwiseOpBoolArg <br>maybe join with experimental.core.BoolAssignment<br>(C, C++)</span><br><br> @@ -1226,7 +1235,7 @@ void test() { bool b = true; if (b & f()) {} // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.LabelInsideSwitch <br>(C)</span><br><br> @@ -1242,7 +1251,7 @@ void test() { c -= 1; break; } } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.IdenticalCondIfIf <br>(C)</span><br><br> @@ -1255,7 +1264,7 @@ void test() { if (c > 5) // warn c -= 1; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.CondOpIdenticalReturn <br>(C)</span><br><br> @@ -1265,7 +1274,7 @@ void test() { unsigned a; a = a > 5 ? a : a; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.UnaryPlusWithUnsigned <br>(C)</span><br><br> @@ -1275,7 +1284,7 @@ void test() { unsigned a; a = +a; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.LogicalOpUselessArg <br>(C)</span><br><br> @@ -1285,7 +1294,7 @@ void test() { unsigned a; if (a<7 && a<10) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.SameResLogicalExpr <br>(C)</span><br><br> @@ -1297,7 +1306,7 @@ void test() { if (i==0 && i==1) {}; // warn if (i<0 || i>=0) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.SameResUnsignedCmp <br>(C)</span><br><br> @@ -1308,7 +1317,7 @@ void test() { if (u < -1) {}; // warn if (u >= 0) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.OpPrecedenceAssignCmp <br>(C)</span><br><br> @@ -1324,7 +1333,7 @@ void test() { if((b = x != y)) {} // ok if((x = f() != y)) {} // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.OpPrecedenceIifShift <br>(C)</span><br><br> @@ -1337,7 +1346,7 @@ void test() { std::cout << a ? "a" : "b"; // warn a << a>7 ? 1 : 2; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.ObjectUnused <br>(C++)</span><br><br> @@ -1360,7 +1369,7 @@ void test() { S(0, 0); // warn std::exception(); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.StaticArrayPtrCompare <br>(C)</span><br><br> @@ -1374,7 +1383,7 @@ void test() { int a2[1][1]; if (a2[0]) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.ConversionToBool <br>maybe join with experimental.core.BoolAssignment<br>(C, C++)</span><br><br> @@ -1384,7 +1393,7 @@ bool test() { return 1.; // warn return ""; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.ArrayBound <br>enhancement to experimental.security.ArrayBound[v2]<br>(C, C++)</span><br><br> @@ -1398,7 +1407,7 @@ void test() { int i = 1; if(p2[i]) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.StrcpyInputSize <BR>enhancement to experimental.unix.cstring.OutOfBounds<br>(C)</span><br><br> @@ -1408,7 +1417,7 @@ void test(char* string) { char buf[24]; strcpy(buf, string); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.IntegerOverflow <br>(C)</span><br><br> @@ -1427,7 +1436,7 @@ void test() { int y = INT_MAX/2+1; // warn x = y*2; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.SignExtension <br>(C)</span><br><br> @@ -1451,7 +1460,7 @@ unsigned int test() { ui = g(); // warn return si; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.NumericTruncation <br>(C)</span><br><br> @@ -1475,7 +1484,7 @@ int test() { ss = g(); // warn return sll; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">different.MissingCopyCtorAssignOp <br>(C, C++)</span><br><br> @@ -1488,7 +1497,7 @@ public: C() { p = new int; } ~C() { delete p; } }; -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -1513,7 +1522,7 @@ void test() { NULL, TEXT("MyProgram.exe"), NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); } // warn -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">WinAPI.LoadLibrary <br>(C)</span><br><br> @@ -1525,7 +1534,7 @@ arbitrary location void test() { HINSTANCE h = LoadLibrary("X.dll"); // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">WinAPI.WideCharToMultiByte <br>(C)</span><br><br> @@ -1548,7 +1557,7 @@ void test() else s[res2] = 0; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> @@ -1571,7 +1580,7 @@ struct A { bool FirstIsZero(const struct A a) { // warn return a.a[0] == 0; } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">optimization.PostfixIncIter <br>(C++)</span><br><br> @@ -1585,7 +1594,7 @@ void test() { for(it = v.begin(); it != v.end(); it++) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">optimization.MultipleCallsStrlen <br>(C)</span><br><br> @@ -1600,7 +1609,7 @@ void test() { if (strlen(s) > 0 && strlen(s) < 7) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">optimization.EmptyCstrDetect <br>(C)</span><br><br> @@ -1613,7 +1622,7 @@ void test() { const char* s = "abc"; if (strlen(s) > 0) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">optimization.StrLengthCalculation <br>(C, C++)</span><br><br> @@ -1627,7 +1636,7 @@ void test() { std::string s; if (strlen(s.c_str()) != 0) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> <tr><td><span class="name">optimization.EmptyContainerDetect <br>(C, C++)</span><br><br> @@ -1640,7 +1649,7 @@ void test() { std::list<int> l; if (l.size() != 0) {}; // warn } -</pre></td><td></td></tr> +</pre></td><td class="aligned"></td></tr> </table> diff --git a/www/analyzer/release_notes.html b/www/analyzer/release_notes.html index 60f323b..190695e 100644 --- a/www/analyzer/release_notes.html +++ b/www/analyzer/release_notes.html @@ -15,6 +15,47 @@ <h1>Release notes for <tt>checker-XXX</tt> builds</h1> +<h4 id="checker_272">checker-272</h4> +<p><b>built:</b> March 1, 2013</br> + <b>download:</b> <a href="https://attache.apple.com/AttacheWeb/dl?id=ATCbb91eedf8edf4c7388549be8f91e810d">checker-272.tar.bz2</a></p> + <p><b>highlights:</b></p> + <ul> + <li>Better modeling of C++ constructors: + <ul> + <li>Interprocedural analysis support for constructors of types with trivial destructors</li> + <li>Efficient model of trivial copy and move constructors</li> + </ul> + </li> + <li>Better diagnostics for loops that execute 0 times</li> + <li>Fixes a linking issue that prevented the checker from running on OS X v10.6 and earlier</li> + <li>Fixes for misc. crashes and false positives</li> + </ul> + +<h4 id="checker_271">checker-271</h4> +<p><b>built:</b> February 8, 2013</br> + <b>download:</b> <a href="http://bit.ly/1299Xt3">checker-271.tar.bz2</a></p> + <p><b>highlights:</b></p> + <ul> + <li>Faster analysis for <tt>scan-build xcodebuild</tt> when using Xcode 4.6 and higher: + <ul> + <li><tt>scan-build</tt> now uses Xcode's built-in interposition mechanism for the static analyzer to provide faster builds while doing static analysis (PCH files are now built).</li> + <li>This change also allows <tt>scan-build</tt> to have better support for iOS project analysis without having to specifying weird SDK settings to <tt>scan-build</tt>.</li> + </ul></li> + <li>Better diagnostics for implicitly-defined member functions in C++.</li> + <li>New warning for <tt>malloc</tt>/<tt>free</tt> checker when passing <tt>malloc</tt>'ed pointer with non-zero offset to <tt>free()</tt>. + <li>Fixes for misc. parser crashes.</li> + <li>Newer than the static analyzer version in Xcode 4.6</li> + </ul> + +<h4 id="checker_270">checker-270</h4> +<p><b>built:</b> January 4, 2013</br> + <b>download:</b> <a href="http://bit.ly/13ekSoV">checker-270.tar.bz2</a></p> + <p><b>highlights:</b></p> + <ul> + <li>Major performance enhancements to speed up interprocedural analysis.</li> + <li>Misc. bug fixes.</li> + </ul> + <h4 id="checker_269">checker-269</h4> <p><b>built:</b> September 25, 2012</br> <b>download:</b> <a href="http://bit.ly/USf8ge">checker-269.tar.bz2</a></p> diff --git a/www/analyzer/xcode.html b/www/analyzer/xcode.html index ac75a047..4bae1c1 100644 --- a/www/analyzer/xcode.html +++ b/www/analyzer/xcode.html @@ -2,7 +2,7 @@ "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> - <title>Build and Analyze: running the analyzer within Xcode</title> + <title>Running the analyzer within Xcode</title> <link type="text/css" rel="stylesheet" href="content.css"> <link type="text/css" rel="stylesheet" href="menu.css"> <script type="text/javascript" src="scripts/menu.js"></script> @@ -14,15 +14,16 @@ <!--#include virtual="menu.html.incl"--> <div id="content"> -<h1>Build and Analyze: running the analyzer within Xcode</h1> +<h1>Running the analyzer within Xcode</h1> <table style="margin-top:0px" width="100%" border="0" cellpadding="0px" cellspacing="0"> <tr><td> <h3>What is it?</h3> -<p><i>Build and Analyze</i> is an Xcode feature (introduced in Xcode 3.2) that -allows users to run the Clang Static Analyzer <a -href="http://developer.apple.com/mac/library/featuredarticles/StaticAnalysis/index.html">directly + +<p>Since Xcode 3.2, users have been able to run the Clang Static Analyzer +<a +href="https://developer.apple.com/library/mac/documentation/ToolsLanguages/Conceptual/Xcode4UserGuide/060-Debug_Your_App/debug_app.html#//apple_ref/doc/uid/TP40010215-CH3-SW17">directly within Xcode</a>.</p> <p>It integrates directly with the Xcode build system and @@ -45,23 +46,24 @@ presents analysis results directly within Xcode's editor.</p> single keystroke or mouse click.</li> <li><b>Transparency:</b> Works effortlessly with Xcode projects (including iPhone projects). <li><b>Cons:</b> Doesn't work well with non-Xcode projects. For those, - consider using <a href="/scan-build.html"><b>scan-build</b></a>. + consider using <a href="scan-build.html"><b>scan-build</b></a>. </ul> <h2>Getting Started</h2> -<p>Xcode 3.2 is available as a free download from Apple, with <a -href="http://developer.apple.com/mac/library/featuredarticles/StaticAnalysis/index.html">instructions available</a> -for using <i>Build and Analyze</i>.</p> +<p>Xcode is available as a free download from Apple on the <a +href="https://itunes.apple.com/us/app/xcode/id497799835?mt=12">Mac +App Store</a>, with <a +href="https://developer.apple.com/library/mac/documentation/ToolsLanguages/Conceptual/Xcode4UserGuide/060-Debug_Your_App/debug_app.html#//apple_ref/doc/uid/TP40010215-CH3-SW17">instructions +available</a> for using the analyzer.</p> -<h2>Using open source analyzer builds with <i>Build and Analyze</i></h2> +<h2>Using open source analyzer builds with Xcode</h2> <p>By default, Xcode uses the version of <tt>clang</tt> that came bundled with -it to provide the results for <i>Build and Analyze</i>. It is possible to change -Xcode's behavior to use an alternate version of <tt>clang</tt> for this purpose -while continuing to use the <tt>clang</tt> that came with Xcode for compiling -projects.</p> +it to analyze your code. It is possible to change Xcode's behavior to use an +alternate version of <tt>clang</tt> for this purpose while continuing to use +the <tt>clang</tt> that came with Xcode for compiling projects.</p> <h3>Why try open source builds?</h3> @@ -78,7 +80,7 @@ issues.</p> <p>Starting with analyzer build checker-234, analyzer builds contain a command line utility called <tt>set-xcode-analyzer</tt> that allows users to change what -copy of <tt>clang</tt> that Xcode uses for <i>Build and Analyze</i>:</p> +copy of <tt>clang</tt> that Xcode uses for analysis:</p> <pre class="code_example"> $ <b>set-xcode-analyzer -h</b> @@ -93,8 +95,8 @@ Options: </pre> <p>Operationally, <b>set-xcode-analyzer</b> edits Xcode's configuration files -(in <tt>/Developer</tt>) to point it to use the version of <tt>clang</tt> you -specify for static analysis. Within this model it provides you two basic modes:</p> +to point it to use the version of <tt>clang</tt> you specify for static +analysis. Within this model it provides you two basic modes:</p> <ul> <li><b>--use-xcode-clang</b>: Switch Xcode (back) to using the <tt>clang</tt> that came bundled with it for static analysis.</li> @@ -104,14 +106,14 @@ specify for static analysis. Within this model it provides you two basic modes: <h4>Things to keep in mind</h4> <ul> -<li>You should quit Xcode prior to running <tt>set-xcode-analyzer</tt>.</li> -<li>You will need to run <tt>set-xcode-analyzer</tt> under <b><tt>sudo</tt></b> - in order to have write privileges to modify the Xcode configuration files.</li> + <li>You should quit Xcode prior to running <tt>set-xcode-analyzer</tt>.</li> <li>You will need to run <tt>set-xcode-analyzer</tt> under +<b><tt>sudo</tt></b> in order to have write privileges to modify the Xcode +configuration files.</li> </ul> <h4>Examples</h4> -<p><b>Example 1</b>: Telling Xcode to use checker-235 for <i>Build and Analyze</i>:</p> +<p><b>Example 1</b>: Telling Xcode to use checker-235:</p> <pre class="code_example"> $ pwd |
